Newer Version Available
Generate a Tenant Secret
Generating an event bus tenant secret is a prerequisite step for enabling encryption of
change events.
Prerequisites:
| User Permissions Needed | |
|---|---|
| To manage tenant secrets: | Manage Encryption Keys |
Only authorized users can generate tenant secrets from the Platform Encryption page. Ask your Salesforce admin to assign you the Manage Encryption Keys permission.
Steps:
- From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
-
If your org has no tenant secrets, follow these steps to set up a tenant secret for the
first time.
- Click Generate Tenant Secret or, to upload a customer-supplied tenant secret, click Bring Your Own Key.
- In the Choose Tenant Secret Type dropdown list, choose Event Bus.
-
If your org already has one or more tenant secrets, generate or upload an Event Bus
tenant secret.
- In the Choose Tenant Secret Type dropdown list, choose Event Bus.
-
Click Generate Tenant Secret or, to upload a
customer-supplied tenant secret, click Bring Your Own
Key.

Alternatively, you can generate a tenant secret through SOAP API or REST API using the
TenantSecret object and the Type field value of EventBus.
You can generate or rotate an Event Bus tenant secret once every 7 days.
For more information, see TenantSecret in the Object Reference for Salesforce and Lightning Platform.